Zoho Email Integration

The skill's code, docs, and runtime instructions are internally consistent with a Zoho Mail integration; security issues called out in the repo appear to have been fixed and documented, with no evidence the skill asks for unrelated privileges.

This repo appears to implement the described Zoho Mail features and documents and fixes past vulnerabilities. Before installing: prefer OAuth2 (follow oauth-setup.py) to avoid putting app passwords in environment variables; verify you actually need to set ZOHO_PASSWORD (it can be optional if using OAuth2/tokens); inspect and deploy the secure command handler (email-command-SECURE.js) if you expose /email commands to untrusted users; restrict bot command access and add rate-limiting/audit logging for any chat-exposed handlers; keep token files under ~/.clawdbot with 0600 permissions and do not commit them to version control. If you need higher assurance, review scripts/zoho-email.py and the Clawdbot handlers for any remaining subprocess usage in your deployment context.